The objective of satisfying a huge number of renewable power connection requests together with the management of controllable storage devices and flexible loads requires the introduction of new control and communication systems in the power grid operation. The paper focuses on country-based medium voltage grids characterised by a high level penetration of DER (Distributed Energy Resources) and examines the risks associated to the communication malfunctions of an ICT (Information and Communication Technologies) design implementing the voltage control function. The mostly critical segments of such an ICT design are clearly represented by the HV/MV substation networks that, in addition to local communications towards substation control devices and to information exchanges with the remote control centres, have to interact with external actors, managing distributed generators and controllable MV loads, and with utilities’ MV/LV substations aggregating controllable small size generators and flexible LV loads. The first step of the risk analysis shows how the impact on the unsupplied power depends on the topology of the controlled grid, but also on the communication networks targeted by potential attacks. Going deeply into the threat analysis, the paper evaluates mis-behavioural models of voltage control communications while someone is maliciously acting through relevant networks. The impact and threat likelihood values are evaluated over the five scale matrix proposed by the Working Group Smart Grid Information Security of the CEN/CENELEC/ETSI Smart Grid Coordination Group. The final part of the paper identifies the security requirements to be satisfied by the ICT architecture and communication technologies deployed for the implementation of the voltage control function in DER connecting medium voltage grids, giving references to the most relevant security standards.